From d89591703a0c9cba1fe455bb6a27cc6e2e3f6865 Mon Sep 17 00:00:00 2001 From: Dat Boi Diego Date: Fri, 22 Nov 2024 10:48:04 -0600 Subject: [PATCH] fd/hard code launch template (#15) * chore: update tf version to what we use in cloud * chore: hardcoded launch template for faster reprovision * chore: move odr iam role out of eks module entries * chore: update permissions --- artifacts/cloudformation-template.yaml | 4 +++- eks.tf | 26 ++++++-------------------- odr.tf | 5 ++++- terraform.tfstate | 0 versions.tf | 2 +- 5 files changed, 14 insertions(+), 23 deletions(-) create mode 100644 terraform.tfstate diff --git a/artifacts/cloudformation-template.yaml b/artifacts/cloudformation-template.yaml index 0bbc8f5..84b28ef 100644 --- a/artifacts/cloudformation-template.yaml +++ b/artifacts/cloudformation-template.yaml @@ -55,7 +55,6 @@ Resources: - ec2:AttachInternetGateway - ec2:AuthorizeSecurityGroupEgress - ec2:AuthorizeSecurityGroupIngress - - ec2:AuthorizeSecurityGroupIngress - ec2:CreateInternetGateway - ec2:CreateLaunchTemplate - ec2:CreateLaunchTemplateVersion @@ -151,6 +150,7 @@ Resources: - kms:UntagResource - logs:CreateLogGroup - logs:DescribeLogGroups + - logs:ListTagsForResource - logs:ListTagsLogGroup - logs:PutRetentionPolicy - logs:TagLogGroup @@ -254,7 +254,9 @@ Resources: - kms:ScheduleKeyDeletion - logs:DeleteLogGroup - logs:DescribeLogGroups + - logs:ListTagsForResource - logs:ListTagsLogGroup + - logs:UntagResource - route53:ChangeTagsForResource - route53:DeleteHostedZone - route53:GetDNSSEC diff --git a/eks.tf b/eks.tf index d8082f9..b06c810 100644 --- a/eks.tf +++ b/eks.tf 
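Review bot: The two new CloudWatch Logs actions in the `@@ -151` and `@@ -254` hunks (`logs:ListTagsForResource` in both, `logs:UntagResource` only in the second, which by its neighbours `kms:ScheduleKeyDeletion`/`logs:DeleteLogGroup` appears to be the teardown statement) carry no indication of which provider operation needs them, and the statements' `Resource` scope is outside both hunks. If, as the naming suggests, `ListTagsForResource` is the newer API replacing the older `ListTagsLogGroup` that is kept alongside it, a one-line comment above the added action, e.g. `# ListTagsForResource is the current tag-read API; ListTagsLogGroup kept for older provider paths`, would let a later policy audit tell the pair apart instead of treating both as unexplained grants. The removal of the duplicated `ec2:AuthorizeSecurityGroupIngress` in the first hunk raises nothing.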
@@ -65,27 +65,7 @@ module "eks" { } } } - }, - # TODO(fd): we should have this passed in as an input in case this ever changes - "odr-${local.cluster_name}" = { - principal_arn = module.odr_iam_role.iam_role_arn - kubernetes_groups = [] # superceded by AmazonEKSClusterAdminPolicy - policy_associations = { - cluster_admin = { - policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" - access_scope = { - type = "cluster" - } - } - eks_admin = { - policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSAdminPolicy" - access_scope = { - type = "cluster" - } - } - } } - } node_security_group_additional_rules = {} @@ -96,6 +76,12 @@ module "eks" { max_size = local.max_size desired_size = local.desired_size + # NOTE(fd): automate the update of this on a regular interval + launch_template = { + name = "default-2024112202580872790000001a" + version = 2 + } + iam_role_additional_policies = { additional = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" } diff --git a/odr.tf b/odr.tf index bc1de3b..faacf8e 100644 --- a/odr.tf +++ b/odr.tf @@ -30,5 +30,8 @@ module "odr_iam_role" { custom = aws_iam_policy.odr.arn } - depends_on = [aws_iam_policy.odr] + depends_on = [ + aws_iam_policy.odr, + module.eks, + ] } diff --git a/terraform.tfstate b/terraform.tfstate new file mode 100644 index 0000000..e69de29 diff --git a/versions.tf b/versions.tf index 7cdbf12..b338cd7 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.5.4" + required_version = ">= 1.7.5" required_providers { aws = {
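Review bot: Removing the `"odr-${local.cluster_name}"` access entry from `module "eks"` drops the ODR role's cluster-admin binding, and nothing visible in this patch recreates it; the odr.tf hunk only adds `depends_on = [..., module.eks]`, so the replacement entry is presumably defined outside the shown hunks and its existence is worth confirming, since the commit message describes the role as moved rather than dropped. If the entry is recreated elsewhere, note that the removed block attached both `AmazonEKSClusterAdminPolicy` and `AmazonEKSAdminPolicy` at cluster scope; the second appears redundant under the first (the removed `# superceded by AmazonEKSClusterAdminPolicy` comment already made that point for the groups), so the new definition is the place to keep only the one policy the role actually needs. The enclosing `module "eks"` block starts and ends outside this hunk.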
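Review bot: `launch_template = { name = "default-2024112202580872790000001a" version = 2 }` pins the node group to a literal, environment-specific template name and a fixed version, so later template versions (new AMI, changed user data or instance metadata settings) will not reach the nodes until someone edits this file, and a reprovision in another account or region will fail to resolve the name. The `# NOTE(fd): automate the update of this on a regular interval` comment acknowledges the manual step but leaves the consequence implicit; at minimum the name and version belong in a variable or local with a comment stating who owns the template, e.g. `# launch template is managed outside this module; bump version after each AMI rollout`, and resolving it through a `data "aws_launch_template"` lookup and its `latest_version` attribute would remove the hand-maintained literal entirely. `module "eks"` continues outside the hunk.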
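Review bot: Adding `module.eks` to the `depends_on` of `module "odr_iam_role"` reverses the previous ordering, in which the eks module consumed `module.odr_iam_role.iam_role_arn`; that is consistent with the access entry having been removed from the eks module, but the reason the role must now wait for the cluster is not stated, and an inline comment such as `# role is bound to the cluster by an access entry defined elsewhere; the cluster must exist first` would keep the ordering from being "cleaned up" later. Separately, the patch also adds an empty `terraform.tfstate` at the repository root (the `new file mode 100644` entry following this hunk); state files hold resource identifiers and frequently secrets, so the file should be dropped and `*.tfstate` ignored rather than tracked, even while it is empty. The `module "odr_iam_role"` block starts outside the hunk.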